Lucene search
Andrea Micalizzi (rgod)ZDI-14-166HistoryJun 02, 2014 - 12:00 a.m.
(0Day) Rocket Servergraph Admin Center for TSM userRequest save_server_groups Command Remote Code Execution Vulnerability
2014-06-0200:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
12
0.969 High
EPSS
Percentile
99.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rocket Servergraph Admin Center for Tivoli Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the userRequest servlet. This servlet is vulnerable to a directory traversal vulnerability when processing save_server_groups commands. A remote attacker can leverage this vulnerability to execute remote code under the context of the SYSTEM user.
Related
prion
prion
Directory traversal
2014-08-07 11:13:00
cvelist
cvelist
CVE-2014-3914
2014-08-07 10:00:00
zdi
zdi
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2014-3914
2014-08-07 11:13:36
nvd
nvd
CVE-2014-3914
2014-08-07 11:13:36
zdt
zdt
Rocket Servergraph Admin Center fileRequestor Remote Code Execution
2014-06-18 00:00:00
packetstorm
packetstorm
Rocket Servergraph Admin Center fileRequestor Remote Code Execution
2014-06-17 00:00:00